首页 文章

刷新IdentityServer4的令牌

提问于
浏览
1

我们正在实现IdentityServer4并试图弄清楚为什么我们没有获得刷新令牌 . 使用创建的示例我试图确保至少在本地计算机上获得刷新令牌 . 到目前为止没有运气 .

客户端配置如下:

new Client
        {
            ClientId = "client",
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            ClientSecrets = { new Secret("secret".Sha256()) },
            AllowedScopes = { "api1" },
            AllowOfflineAccess = true,
            AccessTokenLifetime = 60,
            IdentityTokenLifetime = 60
        },

使用客户端的测试程序如下所示:

/* CLIENT AUTHENTICATION WITH A KNOWN SECRET */
    var tokenClient = new TokenClient(disco.TokenEndpoint, "client", "secret");
    var tokenResponse = await tokenClient.RequestClientCredentialsAsync("api1");

    if (tokenResponse.IsError)
    {
        Console.WriteLine("TOKEN ERROR:\r\n" + tokenResponse.Error);
        return;
    }

    Console.WriteLine(tokenResponse.Json);

    using (var client = new HttpClient())
    {
        client.SetBearerToken(tokenResponse.AccessToken);

        var numberOfSeconds = 10;

        while( numberOfSeconds < 600 ) 
        {
            Console.WriteLine($"slept for for {numberOfSeconds}");
            Thread.Sleep(10 * 1000);

            var response = await client.GetAsync("http://localhost:52801/api/identity");
            if (!response.IsSuccessStatusCode)
            {
                Console.WriteLine("API ERROR:\r\n" + response.StatusCode);
                break;
            }
            else
            {
                var content = await response.Content.ReadAsStringAsync();
                Console.WriteLine("API RESPONSE:\r\n" + JArray.Parse(content));
            }

            numberOfSeconds += 10;
        }
    }

打印出来的令牌如下所示:

{
  "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjRkMTJiNjI2MmNmODA0ODBmOTU1YTJhNmEyMDE1MzJlIiwidHlwIjoiSldUIn0.eyJuYmYiO
jE1Mzk4MjQyOTcsImV4cCI6MTUzOTgyNDM1NywiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiYXVkIjpbImh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC9yZ
XNvdXJjZXMiLCJhcGkxIl0sImNsaWVudF9pZCI6ImNsaWVudCIsInNjb3BlIjpbImFwaTEiXX0.SjBbzIgNfhZ7K_BfrP6tRR71_VDRyxbUWdm0_7TEO8Tof
_BnXpxMipjeNylVenzEl8rzC5UlkajQpGmKsmPiBKB16QOgkYJjIMitOrjJ0xG-HzgbfW9umxh-mvYMk8aJj2uFYCX6DEs9XsH0Y9U5R4Qxx3zCwkq8SMtwM
4uN3mEJPu_zu7CUp0R7bAmsyjwxvx_s1BkjdGRdwOJ1JaobYqFx800oI5Q19wpWfCoYRAm9fQVBLAh7oJK07iNg037KSam9sAHiLCMh-JsRSHE3alLSEHNAQ
bMWTVJDD5s5ssjDS6XZFuVkGGL1Ezb8wpJkgdA2z_g6h9zHK9pTt3exmw",
  "expires_in": 60,
  "token_type": "Bearer"
}

使用访问令牌过期360秒,并且没有刷新令牌可以获得另一个访问令牌 . 有什么明显的东西我不见了吗?

谢谢!

identityserver4

1 回答

  • 1

    您正在使用 Client Credentials grant类型,因此您不需要 Refresh Token 来请求另一个 Access Token ,因为您的客户端(应用程序)是受信任的 .

    只有需要用户交互的授权类型才需要 Refresh Tokens ,并且用于避免必须返回给用户以获取其凭据 .

    http://docs.identityserver.io/en/latest/topics/refresh_tokens.html

    以下流程支持刷新令牌:授权代码,混合和资源所有者密码凭据流 . 需要明确授权客户端通过将AllowOfflineAccess设置为true来请求刷新令牌 .

    回复于

相关问题